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CLAM AMENDMENTS 

1 1 . (Currently Amended) A method of securely establishing a call between a first node of a 

2 voice over Internet Protocol call connection and a second node thereof, the method 

3 comprising the computer-implemented steps of: 

4 receiving non-encrypted authentication request information from the first node; 

5 receiving, from an authentication server that is communicatively coupled to the second 

6 node, an authentication message indicating whether the first node is authenticated 

7 based on the non-encrypted authentication request information; and 

8 establishing a call between the second node and the first node only when the 

9 authentication message indicates that the first node is authenticated at the 
10 authentication server. 

1 2. (Original) A method as recited in Claim 1, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 3. (Original) A method as recited in Claim 1, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an H.235 ClearToken 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 4. (Currently Amended) A method as recited in Claim 1, wherein the step of receiving non- 

2 encrypted authentication request information further comprises the steps of: 

3 determining whether the authentication request information was created within a 

4 r e asonabl e an acceptable interval of time with respect to th e th e n current a current 

5 time; and 

6 issuing a request for authentication to the authentication server only when the 

7 authentication request information was created within a r e asonabl e the acceptable 

8 interval of time with respect to the th e n current current time. 
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1 5. (Currently Amended) The A method as recited in Claim 1 , further comprising the steps 

2 of: 

3 receiving a password that is associated with the first node; 

4 generating an authentication response based on the password and challenge information 

5 contained in the authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information; and 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information. 

1 6. (Currently Amended) The Amethod as recited in Claim 1 , further comprising the steps 

2 of: 

3 receiving a password that is associated with the first node; 

4 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

5 the password and implied CHAP challenge information contained in the 

6 authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information based on CHAP; and 

9 issuing authentication approval information in the authentication message only when the 

10 authentication response matches the authentication request information based on 

11 CHAP. 

1 7. (Currently Amended) A method of securely establishing a call in a voice over Internet 

2 Protocol call connection system that includes a first gateway at a call origination point, a 

3 first gatekeeper, a second gatekeeper, a second gateway at a call termination point, and an 

4 authentication server that is communicatively coupled to the first gatekeeper and the 

5 second gatekeeper, the method comprising the computer-implemented steps of: 

6 receiving non-encrypted authentication request information from the first gateway; 
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7 receiving from the authentication server an authentication message indicating whether the 

8 first gateway is authenticated based on the non-encrypted authentication request 

9 information; and 

10 establishing a call between the second gateway and the first gateway only when the 

1 1 authentication message indicates that the first gateway is authenticated at the 

12 authentication server. 

1 8. (Currently Amended) A method as recited in Claim 7, further comprising the steps of: 

2 receiving a call setup request message at the first gateway; 

3 creating and storing the non-encrypted authentication request information based on the 

4 current time and information that uniquely identifies the first gateway; and 

5 requesting the second gateway to set up a call based on the authentication request 

6 information. 

1 9. (Currently Amended) A method as recited in Claim 8, further comprising the steps of: 

2 determining whether the authentication request information was created within a 

3 r e asonabl e an acceptable interval of time with respect to th e th e n curr e nt a current 

4 time; at the second gatekeeper; and 

5 requesting the authentication server to carry out authentication of the first gateway only 

6 when the authentication request information was created within a r e asonabl e the 

7 acceptable interval of time with respect to the th e n curr e nt current time at the 

8 second gatekeeper. 

1 10. (Original) A method as recited in Claim 7, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 
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1 11. (Original) A method as recited in Claim 7, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an H.235 ClearToken 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 12. (Currently Amended) The A method as recited in Claim 7, further comprising the steps 

2 of: 

3 receiving a password that is associated with the first gateway; 

4 generating an authentication response based on the password and challenge information 

5 contained in the authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information; and 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information. 

1 13. (Currently Amended) The method as recited in Claim 7, further comprising the steps of; 

2 receiving a password that is associated with the first gateway; 

3 generating an authentication response based on the password and challenge information 

4 contained in the authentication request information; 

5 determining whether the authentication response matches the authentication request 

6 information; 

7 issuing authentication approval information in the authentication message to the second 

8 gatekeeper only when the authentication response matches the authentication 

9 request information; and 

10 issuing authentication rejection information in the authentication message to the second 

1 1 gatekeeper when the authentication response does not match the authentication 

1 2 request information. 
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1 14. (Currently Amended) The Amethod as recited in Claim 7, further comprising the steps 

2 of: 

3 receiving a password that is associated with the first gateway; 

4 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

5 the password and implied CHAP challenge information contained in the 

6 authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information based on CHAP; and 

9 issuing authentication approval information in the authentication message only when the 

10 authentication response matches the authentication request information based on 

11 CHAP. 

1 15. (Currently Amended) The ^method as recited in Claim 12, wherein the step of 

2 establishing a call between the second gateway and the first gateway comprises the step of 

3 establishing a call between the second gateway and the first gateway only when 

4 authentication approval information is received in the authentication message. 



(Currently Amended) A method of securely establishing a call in a voice over Internet ' 
Protocol call connection system that includes a first gateway at a call origination point, a 
first gatekeeper, a second gatekeeper, a second gateway at a call termination point, and an 

authentication server that is communicatively coupled to the first gatekeeper and the , 

second gatekeeper, the method comprising the computer-implemented steps of: ,| 
receiving user identification information from the first gateway that comprises a user 

identifier and a personal identification number that are uniquely associated with a \ 

calling party who originates a call using the first gateway; 1 

receiving from the authentication server a first authentication message indicating whether 1 

the user identification information is authenticated; =' 

■i 

receiving non-encrypted authentication request information from the first gateway; j 

i 
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12 receiving from the authentication server a second authentication message indicating 

13 whether the first gateway is authenticated based on the non-encrypted 

14 authentication request information; and 

1 5 establishing a call between the second gateway and the first gateway for the calling party 

16 only when the first authentication message indicates that the user identification 

17 information is authenticated and the second authentication message indicates that 

18 the first gateway is authenticated at the authentication server. 

1 17. (Original) A method as recited in Claim 16, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 18. (Original) A method as recited in Claim 16, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an H.235 ClearToken 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 



(Currently Amended) A method as recited in Claim 16, wherein the step of receiving 
non-encrypted authentication request information further comprises the steps of: 
determining whether the authentication request information was created within a 

r e asonabl e an acceptable interval of time with respect to th e th e n current a current 
time; and 

issuing a request for authentication to the authentication server only when the 

authentication request information was created a r e asonable the acceptable 
interval of time with respect to the th e n current current time. 

1 20. (Currently Amended) The Amethod as recited in Claim 16, further comprising the steps 

2 of: 

3 receiving a password that is associated with the first gateway; 
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generating an authentication response based on the password and challenge information 

contained in the authentication request information; 
determining whether the authentication response matches the authentication request 

information; and 

issuing authentication approval information in the authentication message only when the 
authentication response matches the authentication request information. 

21. (Currently Amended) The Amethod as recited in Claim 16, further comprising the steps 
of: 

receiving a password that is associated with the first gateway; 

generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

the password and implied CHAP challenge information contained in the 

authentication request information; 
determining whether the authentication response matches the authentication request 

information based on CHAP; and 
issuing authentication approval information in the authentication message only when the 

authentication response matches the authentication request information based on 

CHAP. 

22. (Currently Amended) A method as recited in Claim 16, wherein the step of receiving 
non-encrypted user identification information further comprises the steps of: 
determining whether the user identification information was created within a r e asonable 

an acceptable interval of time with respect to th e th e n curr e nt a current time; and 
issuing a request for authentication to the authentication server only when the user 

identification information was created within a r e asonabl e the acceptable interval 
of time with respect to the then current current time. 

23. (Currently Amended) The Amethod as recited in Claim 1 6, further comprising the steps 
of: 

retrieving a personal identification value that is associated with the user account number 
in the user identification information; 
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5 determining whether the personal identification value matches the personal identification 

6 number that is in the user identification information; and 

7 issuing authentication approval information in the authentication message only when the 

8 personal identification value matches the personal identification number that is in 

9 the user identification information. 

1 24. (Currently Amended) A computer-readable medium carrying one or more sequences of 

2 instructions for securely establishing a call between a first node of a voice over Internet 

3 Protocol call connection and a second node thereof, which instructions, when executed by 

4 one or more processors, cause the one or more processors to carry out the steps of: 

5 receiving non-encrypted authentication request information from the first node; 

6 receiving, from an authentication server that is communicatively coupled to the second 

7 node, an authentication message indicating whether the first node is authenticated 

8 based on the non-encrypted authentication request information; and 

9 establishing a call between the second node and the first node only when the 

10 authentication message indicates that the first node is authenticated at the 

1 1 authentication server. 

1 25. (Original) A computer-readable medium as recited in Claim 24, wherein the step of 

2 receiving non-encrypted authentication request information comprises the steps of 

3 receiving an access token comprising a general identifier value, a time stamp value, a 

4 challenge value, and a random value. 

1 26. (Original) A computer-readable medium as recited in Claim 24, wherein the step of 

2 receiving non-encrypted authentication request information comprises the steps of 

3 receiving an H.235 ClearToken comprising a general identifier value, a time stamp value, 

4 a challenge value, and a random value. 



Docket No. 50325-0102 (1850) 



9 



Application of Inventor Floryanzia, Ser. No. 09/676,265, Filed 9/28/00 
Reply to Office Action 



1 27. (Currently Amended) A computer-readable medium as recited in Claim 24, wherein the 

2 step of receiving non-encrypted authentication request information further comprises the 

3 steps of: 

4 determining whether the authentication request information was created within a 

5 reasonabl e an acceptable interval of time with respect to th e th e n curr e nt a current 

6 time; mid 

7 issuing a request for authentication to the authentication server only when the 

8 authentication request information was created within a r e asonabl e the acceptable 

9 interval of time with respect to the th e n curr e nt current time. 

1 28. (Currently Amended) The ^computer-readable medium as recited in Claim 24, further 

2 comprising the steps of: 

3 receiving a password that is associated with the first node; 

4 generating an authentication response based on the password and challenge information 

5 contained in the authentication request information; 

6 determining whether the authentication response matches the authentication request 

7 information; 

8 issuing authentication approval information in the authentication message only when the 

9 authentication response matches the authentication request information. 

1 29. (Currently Amended) The ^computer-readable medium as recited in Claim 24, further 

2 comprising the steps of: 

3 receiving a password that is associated with the first node; 

4 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

5 the password and implied CHAP challenge information contained in the 

6 authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information based on CHAP; and 
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9 issuing authentication approval information in the authentication message only when the 

10 authentication response matches the authentication request information based on 

11 CHAP. 

1 30. (Currently Amended) An apparatus for securely establishing a call between a first node 

2 of a voice over Internet Protocol call connection and a second node thereof, which 

3 instructions, comprising: 

4 means for receiving non-encrypted authentication request information from the first node; 

5 means for receiving, from an authentication server that is communicatively coupled to the 

6 second node, an authentication message indicating whether the first node is 

7 authenticated based on the non-encrypted authentication request information; mid 

8 means for establishing a call between the second node and the first node only when the 

9 authentication message indicates that the first node is authenticated at the 
10 authentication server. 

1 31. (Currently Amended) An apparatus for securely establishing a call between a first 

2 node of a voice over Internet Protocol call connection and a second node thereof, 

3 comprising: 

4 a network interface that is coupled to the data network for receiving one or more 

5 packet flows therefrom; 

6 a processor; 

7 one or more stored sequences of instructions which, when executed by the processor, 

8 cause the processor to carry out the steps of: 

9 receiving non-encrypted authentication request information from the first node; 

10 receiving, from an authentication server that is communicatively coupled to the 

1 1 second node, an authentication message indicating whether the first 

12 node is authenticated based on the non-encrypted authentication request 

13 information; and 

14 establishing a call between the second node and the first node only when the 

1 5 authentication message indicates that the first node is authenticated at 

1 6 the authentication server. 
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1 32. (New) An apparatus as recited in Claim 30, wherein the means for receiving 

2 non-encrypted authentication request information comprises means for receiving an 

3 access token comprising a general identifier value, a time stamp value, a challenge value, 

4 and a random value. 

1 33. (New) An apparatus as recited in Claim 30, wherein the means for receiving 

2 non-encrypted authentication request information comprises means for receiving an 

3 H.235 ClearToken comprising a general identifier value, a time stamp value, a challenge 

4 value, and a random value. 

1 34. (New) An apparatus as recited in Claim 30, wherein the means for receiving 

2 non-encrypted authentication request information further comprises: 

3 means for determining whether the authentication request information was created within 

4 an acceptable interval of time with respect to a current time; and 

5 means for issuing a request for authentication to the authentication server only when the 

6 authentication request information was created within the acceptable interval of 

7 time with respect to the current time. 

1 35. (New) An apparatus as recited in Claim 30, further comprising: 

2 means for receiving a password that is associated with the first node; 

3 means for generating an authentication response based on the password and challenge 

4 information contained in the authentication request information; 

5 means for determining whether the authentication response matches the authentication 

6 request information; and 

7 means for issuing authentication approval information in the authentication message only 

8 when the authentication response matches the authentication request information. 

1 36. (New) An apparatus as recited in Claim 30, further comprising: 

2 means for receiving a password that is associated with the first node; 
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3 means for generating a Challenge Handshake Authentication Protocol (CHAP) response 

4 based on the password and implied CHAP challenge information contained in the 

5 authentication request information; 

6 means for determining whether the authentication response matches the authentication 

7 request information based on CHAP; and 

8 means for issuing authentication approval information in the authentication message only 

9 when the authentication response matches the authentication request information 
10 based on CHAP. 

1 37. (New) An apparatus as recited in Claim 31, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an access token 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 38. (New) An apparatus as recited in Claim 31, wherein the step of receiving non-encrypted 

2 authentication request information comprises the steps of receiving an H.235 ClearToken 

3 comprising a general identifier value, a time stamp value, a challenge value, and a 

4 random value. 

1 39. (New) An apparatus as recited in Claim 3 1 , wherein the step of receiving non-encrypted 

2 authentication request information further comprises the steps of: 

3 determining whether the authentication request information was created within an 

4 acceptable interval of time with respect to a current time; and 

5 issuing a request for authentication to the authentication server only when the 

6 authentication request information was created within the acceptable interval of 

7 time with respect to the current time. 

1 40. (New) An apparatus as recited in Claim 31, further comprising one or more sequences of 

2 instructions which, when executed by the processor, cause the processor to carry out the 

3 steps of: 

4 receiving a password that is associated with the first node; 
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5 generating an authentication response based on the password and challenge information 

6 contained in the authentication request information; 

7 determining whether the authentication response matches the authentication request 

8 information; and 

9 issuing authentication approval information in the authentication message only when the 
10 authentication response matches the authentication request information. 

1 41 . (New) An apparatus as recited in Claim 3 1 > further comprising one or more sequences 

2 of instructions which, when executed by the processor, cause the processor to carry out 

3 the steps of: 

4 receiving a password that is associated with the first node; 

5 generating a Challenge Handshake Authentication Protocol (CHAP) response based on 

6 the password and implied CHAP challenge information contained in the 

7 authentication request information; 

8 determining whether the authentication response matches the authentication request 

9 information based on CHAP; and 

10 issuing authentication approval information in the authentication message only when 

1 1 the authentication response matches the authentication request information 

12 based on CHAP. 
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